In the study,
“Underground Economies: Intellectual Capital and
Sensitive Corporate Data Now the Latest Cybercrime Currency,”
security experts and senior IT decision makers illustrate how
cybercriminals have made the shift from stealing personal information,
to targeting the corporate intellectual capital of some of the most
well-known global organizations. Cybercriminals understand there is
greater value in selling a corporations’ proprietary information and
trade secrets which have little to no protection making intellectual
capital their new currency of choice.

The cyber underground economy is making its money on the theft of
corporate intellectual capital which includes trade secrets, marketing
plans, research and development findings and even source code. McAfee
and SAIC collaborated with Vanson Bourne to survey more than 1,000
senior IT decision makers in the U.S., U.K., Japan, China, India, Brazil
and the Middle East. The study is a follow up to a report released in
2008 called “Unsecured Economies.” The new study reveals the changes in
attitudes and perceptions of intellectual property protection in the
last two years. The findings revealed which countries were perceived as
the least safe to store corporate data, the rate at which organizations
are experiencing breaches and the response rate to prevent or remediate
data breaches.

“Cybercriminals have shifted their focus from physical assets to data
driven properties, such as trade secrets or product planning documents,”
said Simon Hunt, vice president and chief technology officer, endpoint
security at McAfee. “We’ve seen significant attacks targeting this type
of information. Sophisticated attacks such as Operation Aurora, and even
unsophisticated attacks like Night Dragon, have infiltrated some of the
largest, and seemingly most protected corporations in the world.
Criminals are targeting corporate intellectual capital and they are
often succeeding.”

“The distinction between insiders and outsiders is blurring,” said Scott
Aken, vice president for cyber operations at SAIC. “Sophisticated
attackers infiltrate a network, steal valid credentials on the network,
and operate freely – just as an insider would. Having defensive
strategies against these blended insider threats is essential, and
organizations need insider threat tools that can predict attacks based
on human behavior.”

Key findings from this year’s report include the following:

•Impact
of Data Breaches - A quarter of organizations have had a
merger/acquisition and, or a new product/solution roll-out stopped or
slowed by a data breach, or the credible threat of a data breach. If an
organization experienced a data breach, only half of those organizations
took steps to remediate and protect systems from future breaches.

•Organizations Are Looking to Store Intellectual Property Abroad - The
economic downturn has resulted in an increase of organizations
reassessing the risks of processing data outside their home country, in
search of cheaper options, with approximately half of organizations
surveyed responding they would do so, an overall increase since 2008.
Approximately one third of organizations are looking to increase the
amount of sensitive information they store abroad, up from one in five
two years ago.

•Cost of securing data abroad – In China, Japan, U.K. and the U.S.,
organizations are spending more than $1 million a day on their IT. In
the U.S., China, and India, organizations are spending more than $1
million per week on securing sensitive information abroad.

•Geographic Threat Perceptions to Intellectual Property - China, Russia,
Pakistan are perceived to be the least safe for data storage, and the
United Kingdom, Germany and the United States are perceived to be the
most safe. Of the global organizations surveyed however, a large amount
of organizations are not conducting frequent risk assessments, with more
than a quarter of organizations assessing the threats or risks posed to
their data only twice a year or less.

•Organizations Keeping Quiet about Data Breaches - Only three in ten
organizations report all data breaches suffered, and six in ten
organizations currently “pick and choose” the breaches they report. The
report also shows that organizations may seek out countries with more
lenient disclosure laws, with eight in ten organizations that store
sensitive information abroad influenced by privacy laws requiring
notification of data breaches to customers.

•Device Management a Current Challenge - One of the greatest challenges
organizations face when managing information security is the
proliferation of devices, such as iPads, iPhones and Androids. Securing
mobile devices continues to be a pain point for most organizations, with
62 percent of respondents identifying this as a challenge. Concurrently,
the report shows the most significant threat reported by organizations
when protecting sensitive